Recent Changes - Search:




Main.How-to-verify-signature-of-downloaded-source-file-with-gpg History

Hide minor edits - Show changes to output

December 08, 2009, at 08:40 AM by -
Added lines 1-54:

*Download PGP public key block, Signature and the software.tar.gz

*Import the PGP public key block

$ gpg --import wietse.pgp
gpg: key C12BCD99: public key "Wietse Venema <>" imported
gpg: key D5327CB9: public key "wietse venema <>" imported
gpg: Total number processed: 2
gpg: imported: 2 (RSA: 2)
gpg: no ultimately trusted keys found

:~/postfix$ file wietse.pgp
wietse.pgp: PGP public key block

*List Keys

:~/postfix$ gpg --list-keys
pub 2048R/C12BCD99 2005-02-28
uid Wietse Venema <>

pub 1022R/D5327CB9 1992-09-25
uid wietse venema <>
uid wietse venema <>


*Verify Signature

:~/postfix$ gpg --verify postfix-2.6.5.tar.gz.sig postfix-2.6.5.tar.gz
gpg: Signature made Sat Aug 29 00:50:08 2009 UTC using RSA key ID C12BCD99
gpg: Good signature from "Wietse Venema <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB

Edit - History - Print - Recent Changes - Search
Page last modified on December 08, 2009, at 08:40 AM